Particle.news

Google Implements Protections Following Sophisticated Gmail Phishing Campaign

The attack exploited Google’s own infrastructure and DKIM signatures, targeting 1.8 billion users, with recovery options and enhanced security measures now emphasized.

Overview

  • Google confirmed a highly sophisticated phishing attack targeting all 1.8 billion Gmail users, leveraging DKIM signatures and Google Sites to bypass security filters.
  • The phishing emails appeared legitimate, mimicking official Google communications and directing users to fake support pages to harvest login credentials.
  • Google has rolled out protections to block this attack and is urging users to adopt two-factor authentication and passkeys for stronger account security.
  • Users who fall victim to the scam have a seven-day window to recover their accounts, provided they have a recovery email or phone number set up.
  • The attack was first reported by Ethereum developer Nick Johnson, who highlighted how the malicious emails passed Gmail’s security checks and appeared alongside legitimate alerts.